Topic: PIC32MZ HW Crypt

Microchip Harmony v3,  wolfssl-4.1.0 and PIC32MZ1024EFK64, i have problem with TLS when using hardware crypt.
On some files from web server, google chrom says: "net::ERR_SSL_PROTOCOL_ERROR". Files with error differ any time i refresh web page.
I found, that sometimes in function Pic32Crypto (from pic32mz-crypt.c) i get timeout==0

        /* check for errors */
        if (CESTATbits.ERROP || timeout <= 0) {
        #if 0
            printf("PIC32 Crypto: ERROP %x, ERRPHASE %x, TIMEOUT %s\n",
                CESTATbits.ERROP, CESTATbits.ERRPHASE, timeout <= 0 ? "yes" : "no");
        #endif
            Nop(); //here got brackpoint, with timeout ==0 and CESTAT == 0x001F804E 
            ret = ASYNC_OP_E;
        }

When using software crypt  - all works fine

Share

Re: PIC32MZ HW Crypt

Hi i.fedotov,

The PIC32MZ does not allow two hardware hashing operations to happen at the same time. We have two versions of the hardware crypto. Some of the TLS operations required overlapping update/final. Make sure you do not have WOLFSSL_PIC32MZ_LARGE_HASH defined.

1. Enabled with WOLFSSL_PIC32MZ_LARGE_HASH, which enables direct update/finish calls to hardware.

2. Caches updates and only uses hardware on final.

You can see this code in wolfcrypt/src/port/pic32/pic32mz-crypt.c. In Harmony sources its in HarmonyFramework/crypt/src.

Let me know if that makes a difference for you or not. If not please let me know the cipher suite and TLS version being used. If possible also enable debugging using DEBUG_WOLFSSL and calling wolfSSL_Debugging_ON();.

Thanks,
David Garske, wolfSSL

Share

3 (edited by i.fedotov 2019-09-30 09:11:18)

Re: PIC32MZ HW Crypt

Thank you.

WOLFSSL_PIC32MZ_LARGE_HASH undefined (commented at pic32mz-crypt.h), and there no any changes with problem.
Config (mostly generated by Harmony v3 configurator):

******************************************************************************/
/*wolfSSL TLS Layer Configuration*/
/******************************************************************************/
#define HAVE_AES_DECRYPT
#define WOLFSSL_ALT_NAMES
#define WOLFSSL_DER_LOAD
#define KEEP_OUR_CERT
#define KEEP_PEER_CERT
#define HAVE_CRL_IO
#define HAVE_IO_TIMEOUT
#define HAVE_FFDHE_2048
#define HAVE_FFDHE_3072
#define HAVE_FFDHE_4096
#define HAVE_FFDHE_6144
#define HAVE_FFDHE_8192
#define TFM_NO_ASM
#define WOLFSSL_NO_ASM
#define SINGLE_THREADED
#define SIZEOF_LONG_LONG 8
#define WOLFSSL_USER_IO
#define NO_WRITEV
#define NO_DEV_RANDOM
#define NO_FILESYSTEM
#define MICROCHIP_TCPIP
#define USER_TICKS
#define WOLFSSL_DTLS
//#define SMALL_SESSION_CACHE

#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define NO_ERROR_STRINGS
    
#define WOLFSSL_TLS13
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define WOLFSSL_POST_HANDSHAKE_AUTH
#define WC_RSA_BLINDING    
#define WC_RSA_PSS
#define HAVE_HKDF
#define WOLFSSL_CERT_GEN
//#define WOLFSSL_KEY_GEN


/*** Crypto Library Configuration ***/
#define WC_NO_HARDEN
#define NO_DSA
#define HAVE_MCAPI
#define WOLFSSL_IGNORE_FILE_WARN

#define MICROCHIP_PIC32
#define MICROCHIP_MPLAB_HARMONY
#define MICROCHIP_MPLAB_HARMONY_3
    
#define SIZEOF_LONG_LONG 8

#define USE_FAST_MATH
#define USE_CERT_BUFFERS_2048
#define NO_BIG_INT
#define WOLFSSL_AES_COUNTER
#define HAVE_AES_ECB
#define HAVE_AES_CBC
#define HAVE_AESGCM
#define CONFIG_HAVE_XDMAC
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#define HAVE_ECC
#define WOLFSSL_STATIC_RSA
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_PIC32MZ_HASH
#define WOLFSSL_MICROCHIP_PIC32MZ
//#define HAVE_MICROCHIP_HARMONY3_HW_TDES
//#define HAVE_MICROCHIP_HARMONY3_HW_RNG
//#define HAVE_MICROCHIP_HARMONY3_HW_SHA256
//#define HAVE_MICROCHIP_HARMONY3_HW_SHA1
//#define HAVE_MICROCHIP_HARMONY3_HW_AES
#define WOLFSSL_PIC32MZ_RNG    

TLS 1.2

Share